Commit 4d4ff9c3 authored by Alexander Pace's avatar Alexander Pace

Merge branch 'safe-netrc' into 'master'

Remove old safe_netrc implementation in favour of third-party dependency

See merge request lscsoft/lvalert!21
parents e082ad0c d3410df4
Pipeline #167015 passed with stages
in 3 minutes and 55 seconds
...@@ -76,6 +76,7 @@ build:el7: ...@@ -76,6 +76,7 @@ build:el7:
# install build-depends # install build-depends
- mk-build-deps --tool "apt-get -y" --install --remove - mk-build-deps --tool "apt-get -y" --install --remove
# build binary packages # build binary packages
- dch --local "-ci" -b "Rebuilt automatically on git.ligo.org CI"
- dpkg-buildpackage -us -uc -b - dpkg-buildpackage -us -uc -b
- popd - popd
# clean up tarball and build folder (to remove from artefacts) # clean up tarball and build folder (to remove from artefacts)
......
...@@ -25,10 +25,9 @@ import getpass ...@@ -25,10 +25,9 @@ import getpass
import uuid import uuid
from optparse import * from optparse import *
# pubsub import must come first because it overloads part of the from safe_netrc import netrc as safe_netrc
# StanzaProcessor class
from ligo.lvalert import pubsub from ligo.lvalert import pubsub
from ligo.lvalert.utils import safe_netrc
from pyxmpp.all import JID,Iq,Presence,Message,StreamError,TLSSettings from pyxmpp.all import JID,Iq,Presence,Message,StreamError,TLSSettings
from pyxmpp.jabber.all import Client from pyxmpp.jabber.all import Client
......
...@@ -29,10 +29,9 @@ import six.moves.configparser ...@@ -29,10 +29,9 @@ import six.moves.configparser
from subprocess import Popen, PIPE from subprocess import Popen, PIPE
from optparse import * from optparse import *
# pubsub import must come first because it overloads part of the from safe_netrc import netrc as safe_netrc
# StanzaProcessor class
from ligo.lvalert import pubsub from ligo.lvalert import pubsub
from ligo.lvalert.utils import safe_netrc
from pyxmpp.all import JID,Iq,Presence,Message,StreamError,TLSSettings from pyxmpp.all import JID,Iq,Presence,Message,StreamError,TLSSettings
from pyxmpp.jabber.all import Client from pyxmpp.jabber.all import Client
......
...@@ -26,10 +26,9 @@ import getpass ...@@ -26,10 +26,9 @@ import getpass
import uuid import uuid
from optparse import OptionParser from optparse import OptionParser
# pubsub import must come first because it overloads part of the from safe_netrc import netrc as safe_netrc
# StanzaProcessor class
from ligo.lvalert import pubsub from ligo.lvalert import pubsub
from ligo.lvalert.utils import safe_netrc
from pyxmpp.all import JID,TLSSettings from pyxmpp.all import JID,TLSSettings
from pyxmpp.jabber.all import Client from pyxmpp.jabber.all import Client
......
...@@ -9,6 +9,7 @@ Build-Depends: ...@@ -9,6 +9,7 @@ Build-Depends:
python-setuptools, python3-setuptools, python-setuptools, python3-setuptools,
python-six, python3-six, python-six, python3-six,
python-dnspython, python3-dnspython, python-dnspython, python3-dnspython,
python-safe-netrc, python3-safe-netrc,
python-sleekxmpp, python3-sleekxmpp, python-sleekxmpp, python3-sleekxmpp,
help2man, help2man,
Standards-Version: 3.8.4 Standards-Version: 3.8.4
...@@ -25,6 +26,7 @@ Depends: ...@@ -25,6 +26,7 @@ Depends:
python-libxml2, python-libxml2,
python-ligo-common, python-ligo-common,
python-pyasn1, python-pyasn1,
python-safe-netrc,
Provides: ${python:Provides} Provides: ${python:Provides}
Description: LIGO-Virgo Alert Network - Python Description: LIGO-Virgo Alert Network - Python
The LIGO-Virgo Alert Network (LVAlert) is a prototype notification service The LIGO-Virgo Alert Network (LVAlert) is a prototype notification service
...@@ -40,6 +42,7 @@ Depends: ...@@ -40,6 +42,7 @@ Depends:
${python3:Depends}, ${python3:Depends},
python3-dnspython, python3-dnspython,
python3-ligo-common, python3-ligo-common,
python3-safe-netrc,
python3-sleekxmpp, python3-sleekxmpp,
Provides: ${python3:Provides} Provides: ${python3:Provides}
Description: LIGO-Virgo Alert Network - Python Description: LIGO-Virgo Alert Network - Python
......
...@@ -36,6 +36,7 @@ Provides: %{name} ...@@ -36,6 +36,7 @@ Provides: %{name}
Obsoletes: %{name} Obsoletes: %{name}
Requires: python-six Requires: python-six
Requires: python2-ligo-common Requires: python2-ligo-common
Requires: python2-safe-netrc
Requires: pyxmpp Requires: pyxmpp
Requires: python-sleekxmpp Requires: python-sleekxmpp
...@@ -51,6 +52,7 @@ tools for interacting with the LVAlert jabber server. ...@@ -51,6 +52,7 @@ tools for interacting with the LVAlert jabber server.
%package -n python%{python3_pkgversion}-%{name} %package -n python%{python3_pkgversion}-%{name}
Summary: %{summary} Summary: %{summary}
Requires: python%{python3_pkgversion}-ligo-common Requires: python%{python3_pkgversion}-ligo-common
Requires: python%{python3_pkgversion}-safe-netrc
Requires: python%{python3_pkgversion}-six Requires: python%{python3_pkgversion}-six
Requires: python%{python3_pkgversion}-sleekxmpp Requires: python%{python3_pkgversion}-sleekxmpp
......
...@@ -28,7 +28,8 @@ import uuid ...@@ -28,7 +28,8 @@ import uuid
import ssl import ssl
import pkg_resources import pkg_resources
from ligo.lvalert.utils import safe_netrc as _netrc
from safe_netrc import netrc as _netrc
import sleekxmpp import sleekxmpp
......
...@@ -16,7 +16,6 @@ ...@@ -16,7 +16,6 @@
# You should have received a copy of the GNU General Public License # You should have received a copy of the GNU General Public License
# along with lvalert. If not, see <http://www.gnu.org/licenses/>. # along with lvalert. If not, see <http://www.gnu.org/licenses/>.
from netrc import netrc, NetrcParseError
import stat import stat
import sys import sys
import os import os
...@@ -232,34 +231,3 @@ def submit_condor_job(subfile): ...@@ -232,34 +231,3 @@ def submit_condor_job(subfile):
p = Popen(["condor_submit "+subfile], shell=True).pid p = Popen(["condor_submit "+subfile], shell=True).pid
return p return p
class safe_netrc(netrc):
"""The netrc.netrc class from the Python standard library applies access
safety checks (requiring that the netrc file is readable only by the
current user, and not by group members or other users) only if using the
netrc file in the default location (~/.netrc). This subclass applies the
same access safety checks regardless of the path to the netrc file."""
def _parse(self, file, fp, *args, **kwargs):
# Copied and adapted from netrc.py from Python 2.7
if os.name == 'posix':
prop = os.fstat(fp.fileno())
if prop.st_uid != os.getuid():
try:
fowner = pwd.getpwuid(prop.st_uid)[0]
except KeyError:
fowner = 'uid %s' % prop.st_uid
try:
user = pwd.getpwuid(os.getuid())[0]
except KeyError:
user = 'uid %s' % os.getuid()
raise NetrcParseError(
("~/.netrc file owner (%s) does not match"
" current user (%s)") % (fowner, user),
file)
if (prop.st_mode & (stat.S_IRWXG | stat.S_IRWXO)):
raise NetrcParseError(
"~/.netrc access too permissive: access"
" permissions must restrict access to only"
" the owner", file)
return netrc._parse(self, file, fp, *args, **kwargs)
...@@ -39,6 +39,7 @@ install_requires = ...@@ -39,6 +39,7 @@ install_requires =
pyasn1>=0.1.8 pyasn1>=0.1.8
pyasn1-modules>=0.0.5 pyasn1-modules>=0.0.5
ligo-common ligo-common
safe-netrc
sleekxmpp>=1.3.3 sleekxmpp>=1.3.3
numpy numpy
six six
......
...@@ -39,7 +39,7 @@ setup( ...@@ -39,7 +39,7 @@ setup(
# provides = ['ligo.lvalert'], # provides = ['ligo.lvalert'],
packages = find_packages(), packages = find_packages(),
install_requires = install_reqs.extend(['sleekxmpp', 'dnspython', 'numpy', 'six']), install_requires = install_reqs.extend(['safe-netrc', 'sleekxmpp', 'dnspython', 'numpy', 'six']),
#install_requires = ['sleekxmpp', 'dnspython', 'numpy', 'six','recommonmark', 'sphinx', 'sphinx-argparse'], #install_requires = ['sleekxmpp', 'dnspython', 'numpy', 'six','recommonmark', 'sphinx', 'sphinx-argparse'],
scripts = [ scripts = [
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment